Vulnerabilities > CVE-2004-0230
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. <a href="https://cwe.mitre.org/data/definitions/331.html">CWE-331: Insufficient Entropy</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 | |
| OS | 8 | |
| OS | 4 | |
| OS | 1 | |
| Application | 1 | |
| Application | 4 |
Exploit-Db
description Multiple Vendor TCP Sequence Number Approximation Vulnerability (1). CVE-2004-0230. Remote exploits for multiple platform id EDB-ID:24030 last seen 2016-02-02 modified 2004-03-05 published 2004-03-05 reporter Matt Edman source https://www.exploit-db.com/download/24030/ title Multiple Vendor TCP Sequence Number Approximation Vulnerability 1 description Multiple Vendor TCP Sequence Number Approximation Vulnerability (4). CVE-2004-0230. Remote exploits for multiple platform id EDB-ID:24033 last seen 2016-02-02 modified 2004-04-23 published 2004-04-23 reporter K-sPecial source https://www.exploit-db.com/download/24033/ title Multiple Vendor TCP Sequence Number Approximation Vulnerability 4 description MS Windows Malformed IP Options DoS Exploit (MS05-019). CVE-2004-0230,CVE-2004-0790,CVE-2004-1060,CVE-2005-0048,CVE-2005-0688. Dos exploit for windows platform id EDB-ID:942 last seen 2016-01-31 modified 2005-04-17 published 2005-04-17 reporter Yuri Gushin source https://www.exploit-db.com/download/942/ title Microsoft Windows - Malformed IP Options DoS Exploit MS05-019 description Multiple Vendor TCP Sequence Number Approximation Vulnerability (3). CVE-2004-0230. Remote exploits for multiple platform id EDB-ID:24032 last seen 2016-02-02 modified 2004-04-20 published 2004-04-20 reporter Paul Watson source https://www.exploit-db.com/download/24032/ title Multiple Vendor TCP Sequence Number Approximation Vulnerability 3 description Multiple Vendor TCP Sequence Number Approximation Vulnerability (2). CVE-2004-0230. Remote exploits for multiple platform id EDB-ID:24031 last seen 2016-02-02 modified 2004-04-20 published 2004-04-20 reporter Paul A. Watson source https://www.exploit-db.com/download/24031/ title Multiple Vendor TCP Sequence Number Approximation Vulnerability 2 description TCP Connection Reset Remote Exploit. CVE-2004-0230. Remote exploit for linux platform id EDB-ID:291 last seen 2016-01-31 modified 2004-04-23 published 2004-04-23 reporter Paul A. Watson source https://www.exploit-db.com/download/291/ title TCP Connection Reset Remote Exploit description MS Windows 2K/XP TCP Connection Reset Remote Attack Tool. CVE-2004-0230. Dos exploit for windows platform id EDB-ID:276 last seen 2016-01-31 modified 2004-04-22 published 2004-04-22 reporter Aphex source https://www.exploit-db.com/download/276/ title Microsoft Windows 2000/XP - TCP Connection Reset Remote Attack Tool
Nessus
NASL family CISCO NASL id CISCO-SA-20040420-TCP-IOS.NASL description The remote device is running a version of IOS that contains flaws in the TCP implementation that can allow a remote attacker to reset any established TCP connection. last seen 2020-06-01 modified 2020-06-02 plugin id 17781 published 2012-01-10 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17781 title TCP Vulnerabilities in Multiple IOS-Based Cisco Products code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(17781); script_version("1.10"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_cve_id("CVE-2004-0230"); script_xref(name:"CISCO-BUG-ID", value:"CSCed27956"); script_xref(name:"CISCO-BUG-ID", value:"CSCed93836"); script_xref(name:"CISCO-SA", value:"cisco-sa-20040420-tcp-ios"); script_name(english:"TCP Vulnerabilities in Multiple IOS-Based Cisco Products"); script_summary(english:"Checks IOS version"); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote device is running a version of IOS that contains flaws in the TCP implementation that can allow a remote attacker to reset any established TCP connection." ); script_set_attribute(attribute:"see_also",value:"http://www.nessus.org/u?03b0dd1e"); script_set_attribute( attribute:"solution", value: "Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20040420-tcp-ios." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-0230"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2004/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("cisco_func.inc"); version = get_kb_item_or_exit('Host/Cisco/IOS/Version'); # Affected: 11.1 if (deprecated_version(version, "11.1")) { security_warning(port:0, extra:'\nMigrate to 11.2 latest version.\n'); exit(0); } # Affected: 11.1AA if (deprecated_version(version, "11.1AA")) { security_warning(port:0, extra:'\nMigrate to 11.2P latest version.\n'); exit(0); } # Affected: 11.1CC if (deprecated_version(version, "11.1CC")) { security_warning(port:0, extra:'\nMigrate to 12.0 latest version.\n'); exit(0); } # Affected: 11.2 if (check_release(version:version, patched:make_list("11.2(26f)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 11.2P if (check_release(version:version, patched:make_list("11.2(26)P6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 11.2SA if (check_release(version:version, patched:make_list("11.2(8.12)SA6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 11.3 if (check_release(version:version, patched:make_list("11.3(11b)T4", "11.3(11e)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0 if (check_release(version:version, patched:make_list("12.0(28)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0DA if (deprecated_version(version, "12.0DA")) { security_warning(port:0, extra:'\nMigrate to 12.2DA latest version.\n'); exit(0); } # Affected: 12.0DB if (deprecated_version(version, "12.0DB")) { security_warning(port:0, extra:'\nMigrate to 12.1DB latest version.\n'); exit(0); } # Affected: 12.0DC if (deprecated_version(version, "12.0DC")) { security_warning(port:0, extra:'\nMigrate to 12.1DC latest version.\n'); exit(0); } # Affected: 12.0S if (check_release(version:version, patched:make_list("12.0(21)S8", "12.0(27)S", "12.0(26)S2", "12.0(16)S11", "12.0(24)S5", "12.0(25)S3", "12.0(23)S6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0SL if (deprecated_version(version, "12.0SL")) { security_warning(port:0, extra:'\nMigrate to 12.0(23)S6 or later.\n'); exit(0); } # Affected: 12.0ST if (deprecated_version(version, "12.0ST")) { security_warning(port:0, extra:'\nMigrate to 12.0(26)S2 or later.\n'); exit(0); } # Affected: 12.0SX if (deprecated_version(version, "12.0SX")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.'); exit(0); } # Affected: 12.0SZ if (deprecated_version(version, "12.0SZ")) { security_warning(port:0, extra:'\nMigrate to 12.0(26)S2 or later.\n'); exit(0); } # Affected: 12.0T if (deprecated_version(version, "12.0T")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0W5 if (check_release(version:version, patched:make_list("12.0(25)W5(27b)", "12.0(28)W5(30)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0WC if (check_release(version:version, patched:make_list("12.0(5)WC9a"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0WT if (deprecated_version(version, "12.0WT")) { security_warning(port:0, extra:'\nNo fix available - End of Engineering\n'); exit(0); } # Affected: 12.0WX if (deprecated_version(version, "12.0WX")) { security_warning(port:0, extra:'\nMigrate to 12.0W5 latest version.\n'); exit(0); } # Affected: 12.0XA if (deprecated_version(version, "12.0XA")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XB if (deprecated_version(version, "12.0XB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected: 12.0XC if (deprecated_version(version, "12.0XC")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XD if (deprecated_version(version, "12.0XD")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XE if (deprecated_version(version, "12.0XE")) { security_warning(port:0, extra:'\nMigrate to 12.1E latest version.\n'); exit(0); } # Affected: 12.0XG if (deprecated_version(version, "12.0XG")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XH if (deprecated_version(version, "12.0XH")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XI if (deprecated_version(version, "12.0XI")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XJ if (deprecated_version(version, "12.0XJ")) { security_warning(port:0, extra:'\nUpdate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XK if (deprecated_version(version, "12.0XK")) { security_warning(port:0, extra:'\nMigrate to 12.1T latest version.\n'); exit(0); } # Affected: 12.0XL if (deprecated_version(version, "12.0XL")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected: 12.0XM if (deprecated_version(version, "12.0XM")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected: 12.0XN if (deprecated_version(version, "12.0XN")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XP if (deprecated_version(version, "12.0XP")) { security_warning(port:0, extra:'\nMigrate to 12.0(5)WC9a or later.\n'); exit(0); } # Affected: 12.0XQ if (deprecated_version(version, "12.0XQ")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XR if (deprecated_version(version, "12.0XR")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected: 12.0XS if (deprecated_version(version, "12.0XS")) { security_warning(port:0, extra:'\nMigrate to 12.1E latest version.\n'); exit(0); } # Affected: 12.0XU if (deprecated_version(version, "12.0XU")) { security_warning(port:0, extra:'\nMigrate to 12.0(5)WC or later.\n'); exit(0); } # Affected: 12.0XV if (deprecated_version(version, "12.0XV")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected: 12.1 if (check_release(version:version, patched:make_list("12.1(20a)", "12.1(4c)", "12.1(22b)", "12.1(22c)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.1AA if (deprecated_version(version, "12.1AA")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected: 12.1AX if (check_release(version:version, patched:make_list("12.1(14)AX"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.1AY if (deprecated_version(version, "12.1AY")) { security_warning(port:0, extra:'\nMigrate to 12.1EA latest version.\n'); exit(0); } # Affected: 12.1DA if (deprecated_version(version, "12.1DA")) { security_warning(port:0, extra:'\nMigrate to 12.2DA latest version.\n'); exit(0); } # Affected: 12.1DB if (deprecated_version(version, "12.1DB")) { security_warning(port:0, extra:'\nMigrate to 12.2B latest version.\n'); exit(0); } # Affected 12.1E if (check_release(version:version, patched:make_list("12.1(19)E7", "12.1(22)E1", "12.1(11b)E14", "12.1(20)E2", "12.1(19)E6", "12.1(13)E13", "12.1(8b)E18", "12.1(14)E10", "12.1(13)E14"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EA if (check_release(version:version, patched:make_list("12.1(19)EA1b", "12.1(19)EA1c"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EB if (check_release(version:version, patched:make_list("12.1(20)EB"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EC if (check_release(version:version, patched:make_list("12.1(20)EC"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EO if (check_release(version:version, patched:make_list("12.1(20)EO", "12.1(19)EO2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EU if (check_release(version:version, patched:make_list("12.1(20)EU"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EV if (deprecated_version(version, "12.1EV")) { security_warning(port:0, extra:'\nMigrate to 12.2(RLS4)S or later.\n'); exit(0); } # Affected 12.1EW if (check_release(version:version, patched:make_list("12.1(20)EW2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EX if (deprecated_version(version, "12.1EX")) { security_warning(port:0, extra:'\nMigrate to 12.1(14)E or later.\n'); exit(0); } # Affected 12.1EY if (deprecated_version(version, "12.1EY")) { security_warning(port:0, extra:'\nMigrate to 12.1(14)E or later.\n'); exit(0); } # Affected 12.1T if (check_release(version:version, patched:make_list("12.1(5)T17"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1XA if (deprecated_version(version, "12.1XA")) { security_warning(port:0, extra:'\nMigrate to 12.1(5)T18 or later.\n'); exit(0); } # Affected 12.1XB if (deprecated_version(version, "12.1XB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XC if (deprecated_version(version, "12.1XC")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XD if (deprecated_version(version, "12.1XD")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XE if (deprecated_version(version, "12.1XE")) { security_warning(port:0, extra:'\nMigrate to 12.1E Lateest Version\n'); exit(0); } # Affected 12.1XF if (deprecated_version(version, "12.1XF")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XG if (deprecated_version(version, "12.1XG")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XH if (deprecated_version(version, "12.1XH")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XI if (deprecated_version(version, "12.1XI")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XJ if (deprecated_version(version, "12.1XJ")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XL if (deprecated_version(version, "12.1XL")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XM if (deprecated_version(version, "12.1XM")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XP if (deprecated_version(version, "12.1XP")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XQ if (deprecated_version(version, "12.1XQ")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XR if (deprecated_version(version, "12.1XR")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XT if (deprecated_version(version, "12.1XT")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 latest version.\n'); exit(0); } # Affected 12.1XU if (deprecated_version(version, "12.1XU")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XV if (deprecated_version(version, "12.1XV")) { security_warning(port:0, extra:'\nMigrate to 12.2XB latest version.\n'); exit(0); } # Affected 12.1YA if (deprecated_version(version, "12.1YA")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)T or later.\n'); exit(0); } # Affected 12.1YB if (deprecated_version(version, "12.1YB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1YC if (deprecated_version(version, "12.1YC")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1YD if (deprecated_version(version, "12.1YD")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)T or later.\n'); exit(0); } # Affected 12.1YE if (deprecated_version(version, "12.1YE")) { security_warning(port:0, extra:'\nMigrate to 12.2(2)YC or later.\n'); exit(0); } # Affected 12.1YF if (deprecated_version(version, "12.1YF")) { security_warning(port:0, extra:'\nMigrate to 12.2(2)YC or later.\n'); exit(0); } # Affected 12.1YH if (deprecated_version(version, "12.1YH")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T or later.\n'); exit(0); } # Affected 12.1YI if (deprecated_version(version, "12.1YI")) { security_warning(port:0, extra:'\nMigrate to 12.2(2)YC or later.\n'); exit(0); } # Affected 12.1YJ if (deprecated_version(version, "12.1YJ")) { security_warning(port:0, extra:'\nMigrate to 12.1EA latest version.\n'); exit(0); } # Affected 12.2 if (check_release(version:version, patched:make_list("12.2(19b)", "12.2(16f)", "12.2(21a)", "12.2(23)", "12.2(12i)", "12.2(10g)", "12.2(13e)", "12.2(17d)", "12.2(21b)", "12.2(23a)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2B if (deprecated_version(version, "12.2B")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 / 12.3(5a)B1 or later.\n'); exit(0); } # Affected 12.2BC if (check_release(version:version, patched:make_list("12.2(15)BC1C"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2BW if (deprecated_version(version, "12.2BW")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2BX if (check_release(version:version, patched:make_list("12.2(16)BX3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2BY if (deprecated_version(version, "12.2BY")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)B / 12.2(8)ZB / 12.2(8)BZ or later.\n'); exit(0); } # Affected 12.2BZ if (deprecated_version(version, "12.2BZ")) { security_warning(port:0, extra:'\nMigrate to 12.2(16)BX or later.\n'); exit(0); } # Affected 12.2CX if (deprecated_version(version, "12.2CX")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)BC or later.\n'); exit(0); } # Affected 12.2CY if (deprecated_version(version, "12.2CY")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)BC1C or later.\n'); exit(0); } # Affected 12.2DA if (check_release(version:version, patched:make_list("12.2(12)DA6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2DD if (deprecated_version(version, "12.2DD")) { security_warning(port:0, extra:'\nMigrate to 12.2(4)B1 or later.\n'); exit(0); } # Affected 12.2DX if (deprecated_version(version, "12.2DX")) { security_warning(port:0, extra:'\nMigrate to 12.2DD or 12.2B\n'); exit(0); } # Affected 12.2EW if (check_release(version:version, patched:make_list("12.2(18)EW"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2JA if (check_release(version:version, patched:make_list("12.2(11)JA3", "12.2(13)JA4", "12.2(15)JA"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2MC if (check_release(version:version, patched:make_list("12.2(15)MC1B"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2S if (check_release(version:version, patched:make_list("12.2(22)S", "12.2(14)S7", "12.2(20)S1", "12.2(20)S3", "12.2(18)S3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SE if (check_release(version:version, patched:make_list("12.2(18)SE"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SW if (check_release(version:version, patched:make_list("12.2(21)SW"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SX if (check_release(version:version, patched:make_list("12.2(17a)SX2", "12.2(17a)SX4"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SXA if (check_release(version:version, patched:make_list("12.2(17b)SXA2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SXB if (check_release(version:version, patched:make_list("12.2(17d)SXB1", "12.2(17d)SXB"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SY if (check_release(version:version, patched:make_list("12.2(14)SY3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SZ if (check_release(version:version, patched:make_list("12.2(14)SZ6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ST if (check_release(version:version, patched:make_list("12.2(15)T11", "12.2(13)T12", "12.2(11)T11", "12.2(13)T11"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2XA if (deprecated_version(version, "12.2XA")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XB if (deprecated_version(version, "12.2XB")) { security_warning(port:0, extra:'\nMigrate to 12.3 latest version.\n'); exit(0); } # Affected 12.2XC if (deprecated_version(version, "12.2XC")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)ZB or later.\n'); exit(0); } # Affected 12.2XD if (deprecated_version(version, "12.2XD")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XE if (deprecated_version(version, "12.2XE")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XF if (deprecated_version(version, "12.2XF")) { security_warning(port:0, extra:'\nMigrate to 12.2(4)BC1C or later.\n'); exit(0); } # Affected 12.2XG if (deprecated_version(version, "12.2XG")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)T or later.\n'); exit(0); } # Affected 12.2XH if (deprecated_version(version, "12.2XH")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XI if (deprecated_version(version, "12.2XI")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XJ if (deprecated_version(version, "12.2XJ")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 or later.\n'); exit(0); } # Affected 12.2XK if (deprecated_version(version, "12.2XK")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XL if (deprecated_version(version, "12.2XL")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XM if (deprecated_version(version, "12.2XM")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XN if (deprecated_version(version, "12.2XN")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XQ if (deprecated_version(version, "12.2XQ")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XS if (deprecated_version(version, "12.2XS")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XT if (deprecated_version(version, "12.2XT")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XU if (deprecated_version(version, "12.2XU")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XW if (deprecated_version(version, "12.2XW")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 or later.\n'); exit(0); } # Affected 12.2YA if (deprecated_version(version, "12.2YA")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YB if (deprecated_version(version, "12.2YB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YC if (deprecated_version(version, "12.2YC")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T11 or later.\n'); exit(0); } # Affected 12.2YD if (deprecated_version(version, "12.2YD")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)YY or later.\n'); exit(0); } # Affected 12.2YE if (deprecated_version(version, "12.2YE")) { security_warning(port:0, extra:'\nMigrate to 12.2S latest version.\n'); exit(0); } # Affected 12.2YF if (deprecated_version(version, "12.2YF")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YG if (deprecated_version(version, "12.2YG")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 or later.\n'); exit(0); } # Affected 12.2YH if (deprecated_version(version, "12.2YH")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YJ if (deprecated_version(version, "12.2YJ")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YK if (deprecated_version(version, "12.2YK")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)ZC or later.\n'); exit(0); } # Affected 12.2YL if (deprecated_version(version, "12.2YL")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YM if (deprecated_version(version, "12.2YM")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YN if (deprecated_version(version, "12.2YN")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YO if (deprecated_version(version, "12.2YO")) { security_warning(port:0, extra:'\nMigrate to 12.2(14)SY or later.\n'); exit(0); } # Affected 12.2YP if (deprecated_version(version, "12.2YP")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.2YQ if (deprecated_version(version, "12.2YQ")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YR if (deprecated_version(version, "12.2YR")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YS if (deprecated_version(version, "12.2YS")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2YT if (deprecated_version(version, "12.2YT")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T or later.\n'); exit(0); } # Affected 12.2YU if (deprecated_version(version, "12.2YU")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YV if (deprecated_version(version, "12.2YV")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2YW if (deprecated_version(version, "12.2YW")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YX if (deprecated_version(version, "12.2YX")) { security_warning(port:0, extra:'\nMigrate to 12.2(RLS3)S or later.\n'); exit(0); } # Affected 12.2YY if (deprecated_version(version, "12.2YY")) { security_warning(port:0, extra:'\nMigrate to 12.3(1)T or later.\n'); exit(0); } # Affected 12.2YZ if (deprecated_version(version, "12.2YZ")) { security_warning(port:0, extra:'\nMigrate to 12.2(14)SZ or later.\n'); exit(0); } # Affected 12.2ZA if (check_release(version:version, patched:make_list("12.2(14)ZA6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ZB if (deprecated_version(version, "12.2ZB")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2ZC if (deprecated_version(version, "12.2ZC")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2ZD if (check_release(version:version, patched:make_list("12.2(13)ZD1"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ZE if (deprecated_version(version, "12.2ZE")) { security_warning(port:0, extra:'\nMigrate to 12.3 latest version.\n'); exit(0); } # Affected 12.2ZF if (deprecated_version(version, "12.2ZF")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2ZG if (deprecated_version(version, "12.2ZG")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2ZH if (deprecated_version(version, "12.2ZH")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2ZI if (deprecated_version(version, "12.2ZI")) { security_warning(port:0, extra:'\nMigrate to 12.2(18)S or later.\n'); exit(0); } #Affected 12.2ZJ if (check_release(version:version, patched:make_list("12.2(15)ZJ5", "12.2(15)ZJ4"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ZK if (deprecated_version(version, "12.2ZK")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2ZL if (deprecated_version(version, "12.2ZL")) { security_warning(port:0, extra:'\nMigrate to 12.3(7)T or later.\n'); exit(0); } # Affected 12.2ZN if (deprecated_version(version, "12.2ZN")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2ZP if (check_release(version:version, patched:make_list("12.2(13)ZP3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3 if (check_release(version:version, patched:make_list("12.3(3e)", "12.3(6)", "12.3(5b)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3B if (check_release(version:version, patched:make_list("12.3(5a)B", "12.3(3)B1"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3BW if (deprecated_version(version, "12.3BW")) { security_warning(port:0, extra:'\nMigrate to 12.3B latest version.\n'); exit(0); } # Affected 12.3T if (check_release(version:version, patched:make_list("12.3(2)T4", "12.3(7)T1", "12.3(4)T3", "12.3(4)T6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XA if (deprecated_version(version, "12.3XA")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XB if (check_release(version:version, patched:make_list("12.3(2)XB2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XC if (check_release(version:version, patched:make_list("12.3(2)XC2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XD if (check_release(version:version, patched:make_list("12.3(4)XD1"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XE if (deprecated_version(version, "12.3XE")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.3XF if (deprecated_version(version, "12.3XF")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XG if (check_release(version:version, patched:make_list("12.3(4)XG"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XH if (check_release(version:version, patched:make_list("12.3(4)XH"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XI if (deprecated_version(version, "12.3XI")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.3XJ if (deprecated_version(version, "12.3XJ")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XK if (check_release(version:version, patched:make_list("12.3(4)XK"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XL if (deprecated_version(version, "12.3XL")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XM if (deprecated_version(version, "12.3XM")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XN if (deprecated_version(version, "12.3XN")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XQ if (deprecated_version(version, "12.3XQ")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } exit(0, "The host is not affected.");NASL family Solaris Local Security Checks NASL id SOLARIS_JAN2015_SRU11_1_15_4_0.NASL description This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2004-0230) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2014-6575) last seen 2020-06-01 modified 2020-06-02 plugin id 80937 published 2015-01-23 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80937 title Oracle Solaris Critical Patch Update : jan2015_SRU11_1_15_4_0 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle CPU for jan2015. # include("compat.inc"); if (description) { script_id(80937); script_version("1.10"); script_cvs_date("Date: 2020/01/16"); script_cve_id("CVE-2004-0230", "CVE-2014-6575"); script_bugtraq_id(10183, 72156); script_name(english:"Oracle Solaris Critical Patch Update : jan2015_SRU11_1_15_4_0"); script_summary(english:"Check for the jan2015 CPU"); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch from CPU jan2015." ); script_set_attribute( attribute:"description", value: "This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2004-0230) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2014-6575)" ); script_set_attribute( attribute:"see_also", value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=1956176.1" ); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2367957.xml script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8b92ae0e" ); script_set_attribute( attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2015.html" ); script_set_attribute( attribute:"solution", value:"Install the jan2015 CPU from the Oracle support website." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); fix_release = "0.5.11-0.175.1.15.0.4.0"; flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.15.0.4.0", sru:"11.1.15.4.0") > 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2()); else security_warning(0); exit(0); } audit(AUDIT_OS_RELEASE_NOT, "Solaris", fix_release, release);NASL family Windows NASL id SMB_KB893066.NASL description The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a denial of service attack against a vulnerable system. last seen 2020-06-01 modified 2020-06-02 plugin id 18028 published 2005-04-12 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18028 title MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18028); script_version("1.37"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2005-0048", "CVE-2004-0790", "CVE-2004-1060", "CVE-2004-0230", "CVE-2005-0688"); script_bugtraq_id(13124, 13116); script_xref(name:"MSFT", value:"MS05-019"); script_xref(name:"MSKB", value:"893066"); script_name(english:"MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check)"); script_summary(english:"Checks for hotfix KB893066"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP stack."); script_set_attribute(attribute:"description", value: "The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a denial of service attack against a vulnerable system."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-019"); script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/12"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows"); script_dependencies("tcp_seq_window.nasl", "os_fingerprint.nasl"); script_require_keys("TCP/seq_window_flaw", "Host/OS", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); os = get_kb_item_or_exit("Host/OS") ; conf = get_kb_item_or_exit("Host/OS/Confidence"); if (conf <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); if ("Windows" >!< os) exit(0, "The host is not running Windows."); if ("Windows 4.0" >< os) exit(0, "Windows NT is not reported to be affected."); if ("Windows Server 2003 Service Pack" >< os) exit(0, "Windows 2003 SP1 and later are not reported to be affected."); if (ereg(pattern:"Windows (95|98|ME|XP|Server 2003)", string:os)) { if (get_kb_item("TCP/seq_window_flaw")) { security_hole(port:get_kb_item("SMB/transport")); exit(0); } else exit(0, "The host is not affected."); } else exit(0, "The host is not running one of the versions of Windows reportedly affected.");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_150401-10.NASL description Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. last seen 2020-06-01 modified 2020-06-02 plugin id 108189 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108189 title Solaris 10 (x86) : 150401-10 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108189); script_version("1.5"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2004-0230", "CVE-2014-6575", "CVE-2015-0375"); script_name(english:"Solaris 10 (x86) : 150401-10"); script_summary(english:"Check for patch 150401-10"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 150401-10" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/150401-10" ); script_set_attribute(attribute:"solution", value:"Install patch 150401-10 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-0230"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127981"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142008"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142047"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142333"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144312"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144541"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146448"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146809"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146839"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146849"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:147698"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148175"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148232"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148554"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148558"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148678"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148695"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148722"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148767"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148876"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149313"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149503"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149617"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149637"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149641"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149643"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149649"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149730"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150116"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150118"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150154"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150162"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150170"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150301"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150385"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150401"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150528"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150628"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150630"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150636"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150757"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150761"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151150"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151426"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWarc", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWarcr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWbtool", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcakr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcpc", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcry", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcsl", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcslr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWdtrc", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWesu", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWfmd", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWfss", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWftdur", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWintgige", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWlxr", version:"11.10.0,REV=2007.06.20.13.12") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWmdb", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWmdbr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWos86r", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWpkcs11kms", version:"11.10.0,REV=2011.04.20.04.51") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWsmapi", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWzfskr", version:"11.10.0,REV=2006.05.18.01.46") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWzfsr", version:"11.10.0,REV=2006.05.18.01.46") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWzfsu", version:"11.10.0,REV=2006.05.18.01.46") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWarc / SUNWarcr / SUNWbtool / SUNWcakr / SUNWckr / SUNWcpc / etc"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_150400-10.NASL description Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. last seen 2020-06-01 modified 2020-06-02 plugin id 107708 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107708 title Solaris 10 (sparc) : 150400-10 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107708); script_version("1.5"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2004-0230", "CVE-2014-6575", "CVE-2015-0375"); script_name(english:"Solaris 10 (sparc) : 150400-10"); script_summary(english:"Check for patch 150400-10"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 150400-10" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/150400-10" ); script_set_attribute(attribute:"solution", value:"Install patch 150400-10 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-0230"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122255"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127980"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:137048"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139510"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139944"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142007"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142332"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144540"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146808"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146838"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146848"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:147697"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148161"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148174"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148231"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148338"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148553"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148557"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148721"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148730"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148766"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148875"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149502"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149616"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149640"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149642"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149648"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149718"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149729"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150108"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150109"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150115"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150125"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150161"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150169"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150300"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150307"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150311"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150400"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150527"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150531"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150532"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150541"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150627"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150629"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150756"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150760"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150840"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150841"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151145"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151149"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151425"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151608"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152367"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152530"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152539"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"FJSVhea", version:"11.10.0,REV=2005.01.20.17.25") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"FJSVmdbr", version:"11.10.0,REV=2005.01.20.17.25") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWarc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWarcr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcakr", version:"11.10.0,REV=2005.08.25.02.12") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcar", version:"11.10.0,REV=2005.08.10.02.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcpr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcry", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcsl", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcslr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWdtrc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWefc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWefcl", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWfmd", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWfss", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWftdur", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWintgige", version:"11.10.0,REV=2005.09.15.00.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWiopc", version:"11.10.0,REV=2006.07.11.11.28") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWldomr", version:"11.10.0,REV=2006.10.04.00.26") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWldomu", version:"11.10.0,REV=2006.08.08.12.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWmdb", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWmdbr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWn2cp", version:"11.10.0,REV=2007.07.08.21.44") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWpd", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWpdu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWs8brandu", version:"11.10.0,REV=2007.10.08.16.51") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWs9brandr", version:"11.10.0,REV=2008.04.24.03.37") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWs9brandu", version:"11.10.0,REV=2008.04.24.03.37") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWsmapi", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWssad", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWust1", version:"11.10.0,REV=2005.08.10.02.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWust2", version:"11.10.0,REV=2007.07.08.17.44") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWzfskr", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWzfsr", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWzfsu", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "FJSVhea / FJSVmdbr / SUNWarc / SUNWarcr / SUNWcakr / SUNWcar / etc"); }NASL family Junos Local Security Checks NASL id JUNIPER_JSA10638.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. An attacker who can guess an in-window sequence number, source and destination addresses, and port numbers can exploit this vulnerability to reset any established TCP session. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services are unaffected by this vulnerability. last seen 2019-10-28 modified 2014-07-15 plugin id 76506 published 2014-07-15 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76506 title Juniper Junos TCP Packet Processing Remote DoS (JSA10638) code #TRUSTED 5f434e6a7c9071c098304ae4af638cae9e07441ec814ff789ba27e107cac76abef7c2374ec35060d25ffc87ef9d8179e7e01382d569dcf61c9c4cbb7908ddcbf5bb8bfabf7ceeb43e2c7cc13e07f1541545264e1323e7c24403c913f87c8a8fa98fe3e2d2168757d58f92281f787eb33ed9330375e20cdb71e6ed1bfd278c425d2ce70a592ad637d623cd65ffc9f5286b589434a2188f6f03adab1503b7c264b83ed546f887d21411714e8df0b010e90ff22982a594abf65c3bbb93e95344879398005ba48331e1cd09626761f4de83e8d4d8c93f0d8e30b5682e750c9f2898df0132c161dcad7fe433e5067c0841596a1d6cea0e0b19ae753e1a5ec8f3a8c5614de3875b8dae96ec6776c1ff7da29f83868d6944327cf15be132f8cfa716526ffc847ac2922845c66ec908f666481e3db0d4cbdffa65fc3e557bffe5e1d4c469b69ab1a0d934cf913bd6f014420c048c6c43b09308e91ac5dfa2b9776f737f11a7e978d03eb8b4ad196f015498b9cd72e0bc74571cf700ed48d882f991132d40abe5a98e0e3dedbeb22a330acb68f443d3c7574c205a620c36f2e7a648ec094b2ef308f03ca2215583621f46422558776559f782880213e4fbf9983ce6a02b3d8f7b047c2ccfd7fb6e303806a1be67ace3413cfa44cc3bd06e108a5929134f5efd8f3c985e1968066464e6409117953e39f93ab4b9522a269257d6820ffc435 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76506); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/12"); script_cve_id("CVE-2004-0230"); script_bugtraq_id(10183); script_xref(name:"JSA", value:"JSA10638"); script_name(english:"Juniper Junos TCP Packet Processing Remote DoS (JSA10638)"); script_summary(english:"Checks the Junos version, build date, and configuration."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. An attacker who can guess an in-window sequence number, source and destination addresses, and port numbers can exploit this vulnerability to reset any established TCP session. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services are unaffected by this vulnerability."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10638"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10638."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/JUNOS/BuildDate"); exit(0); } include("audit.inc"); include("junos_kb_cmd_func.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); build_date = get_kb_item_or_exit('Host/Juniper/JUNOS/BuildDate'); # Junos OS 14.1R1 release date if (compare_build_dates(build_date, '2014-06-26') >= 0) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver + ' (build date ' + build_date + ')'); fixes = make_array(); fixes['11.4'] = '11.4R11'; fixes['12.1X44'] = '12.1X44-D35'; fixes['12.1X45'] = '12.1X45-D25'; fixes['12.1X46'] = '12.1X46-D20'; fixes['12.1X47'] = '12.1X47-D10'; fixes['12.1'] = '12.1R10'; fixes['12.2'] = '12.2R8'; fixes['12.3'] = '12.3R6'; fixes['13.1'] = '13.1R4'; fixes['13.2'] = '13.2R4'; fixes['13.3'] = '13.3R2'; fixes['14.1'] = '14.1R1'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); override = TRUE; buf = junos_command_kb_item(cmd:"show configuration | display set"); # Multiple workarounds are available but all other workarounds are difficult to check if (buf) { pattern = "^set system internet-options tcp-reset-syn-acknowledge"; if (junos_check_config(buf:buf, pattern:pattern)) override = FALSE; # Display caveat instead of checking for other workarounds/auditing out } junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS05-019.NASL description The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw could allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host, or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a Denial of Service against a vulnerable system. last seen 2020-06-01 modified 2020-06-02 plugin id 18023 published 2005-04-12 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18023 title MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18023); script_version("1.43"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id( "CVE-2004-0230", "CVE-2004-0790", "CVE-2004-1060", "CVE-2005-0048", "CVE-2005-0065", "CVE-2005-0066", "CVE-2005-0067", "CVE-2005-0068", "CVE-2005-0688" ); script_bugtraq_id(13116, 13124, 13658); script_xref(name:"MSFT", value:"MS05-019"); script_xref(name:"CERT", value:"222750"); script_xref(name:"CERT", value:"233754"); script_xref(name:"CERT", value:"396645"); script_xref(name:"CERT", value:"415294"); script_xref(name:"EDB-ID", value:"276"); script_xref(name:"EDB-ID", value:"291"); script_xref(name:"EDB-ID", value:"861"); script_xref(name:"EDB-ID", value:"948"); script_xref(name:"EDB-ID", value:"24030"); script_xref(name:"EDB-ID", value:"24031"); script_xref(name:"EDB-ID", value:"24032"); script_xref(name:"EDB-ID", value:"24033"); script_xref(name:"EDB-ID", value:"25383"); script_xref(name:"EDB-ID", value:"25388"); script_xref(name:"EDB-ID", value:"25389"); script_xref(name:"MSKB", value:"893066"); script_name(english:"MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066)"); script_summary(english:"Checks the remote registry for 893066"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP stack."); script_set_attribute(attribute:"description", value: "The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw could allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host, or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a Denial of Service against a vulnerable system."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-019"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/05"); script_set_attribute(attribute:"patch_publication_date", value:"2005/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS05-019'; kb = '893066'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'3,4', xp:'1,2', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Tcpip.sys", version:"5.2.3790.336", dir:"\system32\drivers", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.1", sp:1, file:"Tcpip.sys", version:"5.1.2600.1693", dir:"\system32\drivers", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.1", sp:2, file:"Tcpip.sys", version:"5.1.2600.2685", dir:"\system32\drivers", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.0", file:"Tcpip.sys", version:"5.0.2195.7049", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS06-064.NASL description The remote host runs a version of Windows that has a flaw in its TCP/IP IPv6 stack. The flaw could allow an attacker to perform a denial of service attack against the remote host. To exploit this vulnerability, an attacker needs to send a specially crafted ICMP or TCP packet to the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 22537 published 2006-10-10 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22537 title MS06-064: Vulnerability in TCP/IP IPv6 Could Allow Denial of Service (922819) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(22537); script_version("1.31"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2004-0790","CVE-2004-0230","CVE-2005-0688"); script_bugtraq_id(13124, 13658); script_xref(name:"CERT", value:"415294"); script_xref(name:"CERT", value:"222750"); script_xref(name:"CERT", value:"396645"); script_xref(name:"MSFT", value:"MS06-064"); script_xref(name:"MSKB", value:"922819"); script_name(english:"MS06-064: Vulnerability in TCP/IP IPv6 Could Allow Denial of Service (922819)"); script_summary(english:"Checks the remote registry for 922819"); script_set_attribute(attribute:"synopsis", value: "It is possible to crash the remote host due to a flaw in the TCP/IP IPv6 stack."); script_set_attribute(attribute:"description", value: "The remote host runs a version of Windows that has a flaw in its TCP/IP IPv6 stack. The flaw could allow an attacker to perform a denial of service attack against the remote host. To exploit this vulnerability, an attacker needs to send a specially crafted ICMP or TCP packet to the remote host."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-064"); script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/22"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS06-064'; kb = '922819'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Tcpip6.sys", version:"5.2.3790.576", dir:"\system32\drivers", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.2", sp:1, file:"Tcpip6.sys", version:"5.2.3790.2771", dir:"\system32\drivers", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.1", sp:1, file:"Tcpip6.sys", version:"5.1.2600.1886", dir:"\system32\drivers", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.1", sp:2, file:"Tcpip6.sys", version:"5.1.2600.2975", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_warning(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0333-1.NASL description The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed : - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An out of bounds read in the ping protocol handler could have lead to information disclosure (bsc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-5551: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. This CVE tracks the fix for the tmpfs filesystem. (bsc#1021258). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a last seen 2020-06-01 modified 2020-06-02 plugin id 96903 published 2017-01-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96903 title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0494-1.NASL description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97297 published 2017-02-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97297 title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_729C4A9F600711E6A6C314DAE9D210B8.NASL description When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. Impact : An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. In case one of the two port numbers is unknown, a successful attack requires less than 2**17 packets spoofed, which can be generated within less than a second on a decent connection to the Internet. last seen 2020-06-01 modified 2020-06-02 plugin id 92907 published 2016-08-12 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92907 title FreeBSD : FreeBSD -- Denial of Service in TCP packet processing (729c4a9f-6007-11e6-a6c3-14dae9d210b8) NASL family Denial of Service NASL id TCP_SEQ_WINDOW.NASL description The remote host is affected by a sequence number approximation vulnerability that allows an attacker to send spoofed RST packets to the remote host and close established connections. This may cause problems for some dedicated services (BGP, a VPN over TCP, etc). last seen 2020-06-01 modified 2020-06-02 plugin id 12213 published 2004-04-25 reporter This script is (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12213 title TCP/IP Sequence Prediction Blind Reset Spoofing DoS NASL family Misc. NASL id JUNIPER_NSM_2012_1.NASL description According to the version of one or more Juniper NSM servers running on the remote host, it is potentially vulnerable to multiple vulnerabilities, the worst of which may allow an authenticated user to trigger a denial of service condition or execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 69872 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69872 title Juniper NSM Servers < 2012.1 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0437-1.NASL description The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97097 published 2017-02-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97097 title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)
Oval
accepted 2013-09-02T04:05:45.550-04:00 class vulnerability contributors name Matthew Burton organization The MITRE Corporation name John Hoyland organization Centennial Software name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Dragos Prisaca organization G2, Inc.
description TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. family windows id oval:org.mitre.oval:def:2689 status accepted submitted 2005-08-18T04:00:00.000-04:00 title Server 2003 Large Window Size TCP RST Denial of Service version 41 accepted 2011-05-09T04:01:29.162-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc.
definition_extensions comment Microsoft Windows XP SP1 (32-bit) is installed oval oval:org.mitre.oval:def:1 comment Microsoft Windows XP SP2 or later is installed oval oval:org.mitre.oval:def:521 comment Microsoft Windows XP SP1 (64-bit) is installed oval oval:org.mitre.oval:def:480 comment Microsoft Windows Server 2003 (x86) Gold is installed oval oval:org.mitre.oval:def:165 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565
description TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. family windows id oval:org.mitre.oval:def:270 status accepted submitted 2006-10-11T05:29:41 title TCP Connection Reset Vulnerability version 42 accepted 2011-05-16T04:02:48.829-04:00 class vulnerability contributors name Matthew Burton organization The MITRE Corporation name John Hoyland organization Centennial Software name Dragos Prisaca organization Gideon Technologies, Inc. name Brendan Miles organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. family windows id oval:org.mitre.oval:def:3508 status accepted submitted 2005-08-18T04:00:00.000-04:00 title WinXP Large Window Size TCP RST Denial of Service version 42 accepted 2011-05-16T04:03:04.644-04:00 class vulnerability contributors name Matthew Burton organization The MITRE Corporation name John Hoyland organization Centennial Software name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. family windows id oval:org.mitre.oval:def:4791 status accepted submitted 2005-04-22T12:00:00.000-04:00 title Win2k Large Window Size TCP RST Denial of Service version 39 accepted 2008-09-08T04:00:38.111-04:00 class vulnerability contributors name Yuzheng Zhou organization Hewlett-Packard description TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. family ios id oval:org.mitre.oval:def:5711 status accepted submitted 2008-05-26T11:06:36.000-04:00 title Cisco Systems Spoofed TCP Reset and SYN Denial of Service Vulnerability version 3
Packetstorm
data source https://packetstormsecurity.com/files/download/33185/disconn.py id PACKETSTORM:33185 last seen 2016-12-05 published 2004-04-28 reporter Michael Gschwandtner source https://packetstormsecurity.com/files/33185/disconn.py.html title disconn.py data source https://packetstormsecurity.com/files/download/33182/Kreset.pl id PACKETSTORM:33182 last seen 2016-12-05 published 2004-04-25 reporter K-sPecial source https://packetstormsecurity.com/files/33182/Kreset.pl.html title Kreset.pl
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-08-16 |
| organization | Red Hat |
| statement | The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having it’s connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue. |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt
- ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc
- http://kb.juniper.net/JSA10638
- http://marc.info/?l=bugtraq&m=108302060014745&w=2
- http://marc.info/?l=bugtraq&m=108506952116653&w=2
- http://secunia.com/advisories/11440
- http://secunia.com/advisories/11458
- http://secunia.com/advisories/22341
- http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
- http://www.kb.cert.org/vuls/id/415294
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.osvdb.org/4030
- http://www.securityfocus.com/archive/1/449179/100/0/threaded
- http://www.securityfocus.com/bid/10183
- http://www.uniras.gov.uk/vuls/2004/236929/index.htm
- http://www.us-cert.gov/cas/techalerts/TA04-111A.html
- http://www.vupen.com/english/advisories/2006/3983
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15886
- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711